Subcategories

  • All Xen related stuff

    619 Topics
    6k Posts
    P
    @ravenet well... thanks for the idea. I went ahead and tried spinning up an opensuse slowroll VM. I installed docker and the amdgpu firmware/kernel drivers, and tried running lemonade-server and ollama and same behavior. So that definitely seems to point to something weird going on on my host rather than the guest software stack...
  • The integrated web UI to manage XCP-ng

    29 Topics
    373 Posts
    olivierlambertO
    The same as @john.c and also XO Lite tends to be less a priority because less critical than the full fledged XO (the priority is to replace entirely XO 5 in the next releases). Why you would need XO Lite outside basic actions? It's mostly meant to bootstrap XO itself and do basic operations (which is already the case, at least with many basic features already). Initially, the goal hasn't moved: replacing XenCenter. We are moving in that direction, but again, I think it's more important to get XO 6 finished first. I'm curious to understand more the use case of XO Lite in your context @unreal-shizzle ?
  • Section dedicated to migrations from VMWare, HyperV, Proxmox etc. to XCP-ng

    126 Topics
    1k Posts
    C
    Hi, everyone Thank you for your help. I had a flux that was blocked by our firewall. The button worked after that. But it doesn't explain why I lost this configuration and had to reinstall it. Thanks again.
  • Hardware related section

    172 Topics
    2k Posts
    F
    Hardware update: Got a couple M9148 (4 port Matrox DP) and Wavlink WL-UG7500DH (4 port DP/HDMI) in to test. Configured a Win11 Pro VM with the Matrox driver. It broke the VM so severely that I had to re-pave. So, I pulled the card, swapped for a Wavlink and created another Win11 Pro VM - to which I assigned the Wavlink card and loaded their drivers. It works flawlessly. Both HDMI displays I had connected were instantly recognized in Device Manager and available. I then shut it down, created another VM with Mint 22.3 and assigned resources exactly per the Windows machine. Installed the Wavlink Ubuntu driver and DisplayLink. Rebooted. Still only see the XOA virtual (Console) screen regardless if I have the VM's VGA option turned on or not. The evdi driver is running as is the DisplayLink service. Looking at Xorg.0.log, I see EDID returns for the two HDMI monitors connected to the Wavlink card along with that from the virtual screen - but no screens other than the virtual one show in Display. Interesting bit: The GT730 card behaves EXACTLY the same way. Works great under Win11, driver initializes correctly in Mint but no display other than virtual. Going to post something on the DisplayLink support forum but find it odd that two different cards behave the same way in two different OSes.
  • The place to discuss new additions into XCP-ng

    253 Topics
    3k Posts
    nathanael-hN
    @pszelestey Hi, yes, we've pushed an initial commit and a few more here https://github.com/vatesfr/cluster-api-provider-vates/ it is moging every day. Ping us in Matrix/Discord devops if you want to chat live while trying
  • 0 Votes
    5 Posts
    508 Views
    gthvn1G
    PRs upstream are in review
  • Can't restart stopped VMs; unclear error message

    8
    0 Votes
    8 Posts
    447 Views
    acebmxerA
    @the_jest Not showen in this picutre but this is where the message would be displayed. Next to the name of the host... [image: 1782931263879-screenshot-2026-07-01-144023.png]
  • Start: no host available?

    9
    2
    0 Votes
    9 Posts
    824 Views
    olivierlambertO
    For your storage question, it's fully explained in the doc: https://docs.xcp-ng.org/storage/#-how-to-modify-an-existing-sr-connection And yes, it's planned to get the complete error visible in XO, sadly, it's not "obvious" since the error message isn't returned by XAPI when you try to start but by another method we need to call after it fails ("assert can be started here" from the top of my head). Let me ping @julienXOvates
  • 0 Votes
    9 Posts
    884 Views
    N
    @Danp said: Smart Reboot option found on the host's Advanced tab does what you are asking Very nice!
  • xcp-ng update to latest june patch - error - requires: perl-interpreter

    2
    0 Votes
    2 Posts
    260 Views
    bleaderB
    @AlexanderK you could try to install perl-interpreter manually maybe? I happened to have a test host at hand that hasn't been updated since december, and the yum update went fine, perl interpreter was not installed before and yum update did install it on its own as a depency for openssl 3. Maybe others will have ideas as to why this would happen in your case.
  • 0 Votes
    8 Posts
    1k Views
    TeddyAstieT
    The rule is oddly written, and may conflict with another similar one that already exist in the distro (hence may not be useful to begin with). The modern generic rule for doing vCPU hotplug is, which would be preferable to the current z10-xen-vcpu-hotplug.rules. ACTION=="add", SUBSYSTEM=="cpu", ATTR{online}=="0", ATTR{online}="1"
  • cifs-utils LPE (CVE-2026-46243) / 8.3 dom0 vulnerability inquiry

    5
    0 Votes
    5 Posts
    993 Views
    R
    Closing the loop on this one — VSA-2026-021 went up yesterday (June 10) covering CIFSwitch / CVE-2026-46243: https://docs.vates.tech/security/advisories/2026/vates-sa-2026-021 A few things worth flagging for anyone following along: Severity landed at Moderate 🟠 — same ballpark as CopyFail/DirtyFrag, as Lucien anticipated. XCP-ng 8.3 and XOA both confirmed affected. XCP-ng 8.3 fix isn't in the main repo yet. The advisory notes there's a publicly available package with the fix, but it's not in the standard channel — Vates is asking people to reach out for the install procedure so you don't break future Rolling Pool Updates. So don't go hand-rolling the kernel commit yourself if you want to stay on the RPU path. XOA is already handled — fixed in Debian kernel 6.1.174-1, pushed via the unattended update mechanism. Just note the XOA VM needs a restart for it to take effect, and anything older than Debian 11/12 won't get the update and needs an OS upgrade first. Mitigation is unchanged from what we discussed: blacklist the cifs module if you're not using SMB-based SRs (which breaks SMB SRs, so only if you don't rely on them). Good turnaround given the disclosure-to-advisory window. Thanks again @LucienLassalle and the security team.
  • Adding new host to pool fails - Stunnel SSL certiticate verification failure

    Solved
    16
    0 Votes
    16 Posts
    2k Views
    LucienLassalleL
    @Bryanvh No problem The issue you encountered wasn't very clear. Therefore, I've proposed a change to the XAPI to make the error more explicit (this will likely be implemented in future XAPI releases). So instead of SSL Certification failure the message will be: POOL_JOINING_MASTER_CERTIFICATE_NOT_IN_POOL_BUNDLE. Thank you very much for your patience and for bringing this issue to our attention. References: https://github.com/xapi-project/xen-api/pull/7112 LucienLassalle opened this pull request in xapi-project/xen-api closed xapi: Improve error reporting when pool join fails on TLS verification #7112
  • Ubuntu 24.04 VMs not reporting IP addresses to XCP-NG 8.2.1

    13
    5
    0 Votes
    13 Posts
    5k Views
    olivierlambertO
    Because it works already better than the GO tool from Citrix… There's no urgent fix to do, I personally use it in my production since it's available. It's just less a priority for extra features because it's already ultra stable. Right now, we choose to work in priority on XCP-ng 9.0 than the Rust tools, we can't do everything at once yet.
  • [Solved] SR_SOURCE_SPACE_INSUFFICIENT - Problems enabling HA

    Solved
    10
    0 Votes
    10 Posts
    778 Views
    J
    @olivierlambert Thanks again for your input and recomendations! I'll verify that this is solved by having the LUN expanded to 8GB instead. Afterwards I'll mark your answer as the solution!
  • Citrix or XCP-ng drivers for Windows Server 2022

    19
    0 Votes
    19 Posts
    8k Views
    ForzaF
    @iams3le we have switched to the signed xcp-ng drivers. We also replaced our older 2022 servers.
  • xe-gues-utilities woes on openSUSE Leap 16

    8
    0 Votes
    8 Posts
    700 Views
    D
    @MajorP93 that’s fine - I never use ballooning anyway so I guess I am covered good
  • log_fs_usage / /var/log directory on pool master filling up constantly

    21
    1
    0 Votes
    21 Posts
    3k Views
    poddingueP
    The sr.scan-driven SMlog growth angle that gumbo2k surfaced is a real lead; there's some context in the storage-related log files reference, but the docs don't go as far as "here's how to throttle it safely on a pool where the underlying disks should spin down." Soft ping to @Team-Storage and @Team-Hypervisor-Kernel: could one of you weigh in on whether other-config:auto-scan=false on the SR is the supported way to reduce scan pressure, or if there's a better lever? I don't want to send anyone down a path that breaks an SR. Apologies if this has already been answered somewhere I haven't seen.
  • XOA vulnerabilty to "copy fail" and "dirty frag" bug

    8
    0 Votes
    8 Posts
    2k Views
    R
    Quick update now that Vates has published their official advisory. First, kudos to the Vates security team for the thorough and timely response. VSA-2026-014 is well-documented and covers the full picture, including a third CVE I had not covered in my earlier posts. VSA-2026-014 confirms what I outlined above: XCP-ng is affected by CVE-2026-43284 (XFRM-ESP) and is NOT affected by CVE-2026-43500 (no RxRPC support). The CVE I had missed: CVE-2026-46300 ("Fragnesia") also affects XCP-ng via the XFRM ESP-in-TCP subsystem. The same esp4/esp6 blacklist mitigation applies, with the same caveat @semarie raised: it will break encrypted private networks on XCP-ng. Now that the VSA and official mitigation guidance are public, I'm releasing the diagnostic script I built. It's Python 3.6, no external dependencies, safe to run on production dom0. It tests whether an unprivileged process can engage the esp4 engine via the XFRM interface inside a user namespace — without touching any exploit code. Since both CVE-2026-43284 and CVE-2026-46300 (Fragnesia) require esp4 or esp6 to be reachable from an unprivileged namespace, and share the same mitigation, a positive result confirms exposure to both. Blacklist esp4/esp6, then run the script again — ACCESS DENIED means both CVEs are mitigated. One important note before running it: please read the code before executing it on any of your systems. This is good practice with any script from the internet, regardless of the source. The code is intentionally short and straightforward so you can review it quickly and satisfy yourself that it does exactly what it says. VSA-2026-014: https://docs.vates.tech/security/advisories/2026/vates-sa-2026-014/ Diagnostic tool: https://github.com/grabesec/XCP_ng_CVE-2026-43284_tester A kernel patch from Vates is in progress. Apply as soon as it lands.
  • 0 Votes
    8 Posts
    2k Views
    I
    @yomeyo I had this also, but problem disappeared itself. https://github.com/xcp-ng/xcp/issues/793 [image: a3dcbb0b-fe7a-4389-addc-247190039a18] IgorGlock created this issue in xcp-ng/xcp open XN-xenguestagent-rs skips IPv4 at Windows boot #793
  • Revert to snapshot, resets creation date. Intended behaviour?

    3
    0 Votes
    3 Posts
    448 Views
    J
    @poddingue Thanks for your input. Yes I'm aware that basically everything on the VM is incorporated into the snapshot. Including settings and metadata. This is acctually why I was surprised that the creation date wasn't preserved as part of that metadata. And as you say, if one uses that metric to track VM history. Then it can, and will, throw you off. I'll gladly submit this as a feature request. But my gut feeling is that it is more akin to a bug than missing feature per se. Thanks!
  • Question about pools

    10
    0 Votes
    10 Posts
    779 Views
    P
    @vlamincktr XO PROXY from source is pretty reliable at no cost either use @acebmxer script or @ronivay here is a quick tuto on an ubuntu VM https://omnibox.huducloud.com/shared_article/QJ9y1bRSPj9VTbWp6NKaV7yn/installation-xoa-a-partir-des-sources-github-ronivay first part is XO CE, second part is XO PROXY CE beware as you delegate some jobs to XO PROXY, to ever upgrade XO PROXY when you upgrade XOA, so that they have the same backup mechanisms/code
  • [SOLVED] Just FYI: current update seams to break NUT dependancies

    29
    0 Votes
    29 Posts
    4k Views
    F
    Hi, I just wanted to comment that the provided packages work for all my server. Thank you!
  • Alcatel OXE on XCP-ng – anyone done this before?

    4
    0 Votes
    4 Posts
    595 Views
    olivierlambertO
    Ah very good, so it was even easier than this. You had the Xen blk driver but instead of using an UUID, the appliance was having a hardcoded sda. Keep us posted
  • Storage domain server & Rolling pool upgrade

    5
    0 Votes
    5 Posts
    591 Views
    henri9813H
    @gregoire said: @olivierlambert I added this feature request in the backlog regarding RPU improvements. Hello, Thanks all ! Totally agree with @poddingue , be able to exclude VM which has: PCI attached devices Local storage ( maybe ? ) Could be a great option !